Windows endpoints are in danger of remote code execution thanks to a newly discovered vulnerability in Kubernetes, warns a new report by cloud computing giant Akamai. The flaw, known as CVE-2023-3676, impacts all Windows nodes within Kubernetes environments, has a low barrier to entry and carries a CVSS severity rating of 8.8 out of 10. Akamai urges companies using Kubernetes to patch their systems immediately.
Kubernetes, which means ‘helmsman’ or ‘pilot’ in Greek, is an open-source system for organising software or server containers and is designed to help companies better manage their growing cloud commitments. Over 50% of Fortune 100 companies have adopted this architecture, in which the use of Windows is popular. For example, Microsoft itself runs many of the services that power Office 365 and Microsoft 365 in Windows containers on the Azure Kubernetes Service.
CVE-2023-3676 makes all Windows endpoints within Kubernetes clusters vulnerable to remote code execution by hackers. To exploit the vulnerability, the attacker needs to apply an exploit on a target Kubernetes cluster written in YAML, a programming language prevalent throughout Kubernetes architectures. This malware only requires low privileges to work, thereby setting “a low bar for attackers”, explained Akamai researcher Tom Peled. “Successful exploitation of this vulnerability will lead to remote code execution on any Windows node on the machine with SYSTEM privileges.”
Patches have been released for this vulnerability and two others, CVE-2023-3893 and CVE-2023-3955.
Security company Cyble warned in a report last year that over 900,000 Kubernetes structures are exposed online, meaning they are vulnerable to malicious scans or data-exposing cyberattacks.
“Online scanners have made it easy for security researchers to find the exposure of assets,” explained the advisory. “At the same time, malicious hackers can also investigate the exposed Kubernetes instance for a particular organization, increasing the risk of attack.”